In a typical virtualisation environment, a processing device such as a processor core is arranged to execute hypervisor software which supports the execution of multiple virtual machines on that processing device. Each virtual machine will typically have one or more applications running on a particular operating system, with the hypervisor software acting as an interface layer between the virtual machine and the underlying hardware to enable the provision of appropriate hardware support to the virtual machine. Via the hypervisor software layer, each virtual machine gets a particular view of the system in which it resides, and thus gets a particular view of the available hardware resources of the system. Each virtual machine operates independently of other virtual machines on the system, and indeed is not necessarily aware of the presence of the other virtual machines.
Accordingly, in an example system, one virtual machine may be executed which runs a particular operating system, for example Microsoft Windows, whilst another virtual machine is executed running a different operating system, for example Linux.
Irrespective of whether virtualisation techniques are used or not, there arise many instances where the data associated with one application is sensitive data that should not be accessible by other applications running on devices of the data processing apparatus. It is clearly important in such situations to ensure that such sensitive data is kept secure so that it cannot be accessed by other applications that may be loaded onto the data processing apparatus, for example hacking applications that have been loaded onto the data processing apparatus with the purpose of seeking to access that sensitive data.
It has traditionally been the job of the operating system developer to ensure that the operating system provides sufficient security to ensure that the sensitive data of one application cannot be accessed by other applications running under the control of the operating system. However, as systems become more complex, the general trend is for operating systems to become larger and more complex, and in such situations it becomes increasingly difficult to ensure sufficient security within the operating system itself. To seek to alleviate the reliance on operating system security, it is known to provide a system in which a data processing apparatus is divided into two distinct domains or worlds, these domains providing a mechanism for handling security at the hardware level. Such a system is described for example in commonly assigned co-pending U.S. patent Application Ser. No. 10/714,561, now U.S. Pat. No. 7,305,534, the contents of which are herein incorporated by reference, this application describing a system having a secure domain and a non-secure domain. In that system, the non-secure and secure domains in effect establish separate worlds, the secure domain providing a trusted execution space separated by hardware enforced boundaries from other execution spaces, and likewise the non-secure domain providing a non-trusted execution space.
In such secure systems, the memory system is typically divided into secure memory and non-secure memory. Any applications operating in the non-secure domain are unable to access secure memory. However, when in the secure domain, it is typically possible to access both the secure memory and the non-secure memory.
When seeking to incorporate such hardware-based security into a data processing apparatus employing the earlier-mentioned virtualisation techniques, the processing circuitry can be arranged whilst in the non-secure domain to execute multiple non-secure virtual machines, each of which can be given its own view of the non-secure memory address space. The processing circuitry can then enter the secure domain in order to execute the hypervisor software, and indeed can, if desired, execute one or more secure applications under the control of a secure operating system within the secure domain. The hypervisor maintains the separation of the multiple non-secure virtual machines by exercising control over the address translation mechanism used to generate physical addresses for accessing the memory system. Since this is managed from the secure domain, the non-secure virtual machines cannot modify that address translation mechanism.
To enable multiple secure virtual machines to also be provided, it would be necessary to implement a system where the hypervisor operated in an additional privilege level above that of the secure domain, thereby enabling the hypervisor to exercise the same level of control over the address translation mechanism for the various secure virtual machines as is used for the non-secure virtual machines. However, such an approach would require an additional level of privilege over and above those already provided to support the secure domain and non-secure domain, and this additional level of complexity will in many implementations be considered unacceptable.
However, without modifying the system in the above manner it is not possible to virtualise multiple secure operating systems, i.e. to run multiple virtual machines in the secure domain. In particular, since in the secure domain there will be no level of privilege distinction between the hypervisor software and any other software executing in the secure domain, if multiple secure virtual machines were to be established, it would be possible for one secure virtual machine to modify the address translation mechanism put in place by the hypervisor software, and by that process gain access to the secure data of one of the other virtual machines.
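As an added illustrative model (not part of the patent text), the following Python simulates the arrangement described above: the hypervisor in the secure domain owns each virtual machine's translation table, a non-secure virtual machine can neither read secure memory nor alter its own mapping, while a virtual machine run in the secure domain at the hypervisor's own privilege level can remap itself onto another virtual machine's secure page. All page numbers, virtual machine names and page contents are constructed for the example.

```python
SECURE, NON_SECURE = "secure", "non-secure"

# Constructed physical memory: page number -> (security attribute, contents).
PHYS_MEM = {0: (NON_SECURE, "vm0 data"), 1: (NON_SECURE, "vm1 data"),
            2: (SECURE, "vm0 secret key"), 3: (SECURE, "vm1 secret key")}

class Hypervisor:
    """Runs in the secure domain and owns the per-VM translation tables."""
    def __init__(self):
        # vm -> {virtual page: physical page}; each VM sees only its own pages.
        self.tables = {"vm0": {0: 0, 1: 2}, "vm1": {0: 1, 1: 3}}

    def translate(self, vm, vpage):
        if vpage not in self.tables[vm]:
            raise PermissionError(f"{vm}: virtual page {vpage} is not mapped")
        return self.tables[vm][vpage]

    def update_table(self, vm, vpage, ppage, caller_domain):
        # Tables live in secure memory, so a non-secure caller is refused. A
        # secure-domain caller has the hypervisor's own privilege and is not.
        if caller_domain != SECURE:
            raise PermissionError("translation tables are in secure memory")
        self.tables[vm][vpage] = ppage

def vm_read(hv, vm, vpage, domain):
    """A VM executing in `domain` reads its own virtual page `vpage`."""
    ppage = hv.translate(vm, vpage)
    attr, data = PHYS_MEM[ppage]
    # Hardware rule: the non-secure domain cannot access secure memory.
    if domain == NON_SECURE and attr == SECURE:
        raise PermissionError(f"{vm}: non-secure access to secure page {ppage}")
    return data

def attempt(fn, *args):
    """Return fn's result, or 'denied' when the access is refused."""
    try:
        return fn(*args)
    except PermissionError:
        return "denied"

def demo():
    hv = Hypervisor()
    return {
        "ns_own_page": attempt(vm_read, hv, "vm0", 0, NON_SECURE),
        "ns_secure_page": attempt(vm_read, hv, "vm0", 1, NON_SECURE),
        "ns_remap": attempt(hv.update_table, "vm0", 1, 3, NON_SECURE),
        # With no privilege gap, a secure-domain VM remaps onto vm1's page.
        "s_remap": attempt(hv.update_table, "vm0", 1, 3, SECURE),
        "s_read_other": attempt(vm_read, hv, "vm0", 1, SECURE),
    }
```

The last two entries of `demo()` are the failure mode the text describes: the remap succeeds and the secure data of the other virtual machine becomes readable.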
Accordingly, in a system where an additional level of privilege is not provided for the hypervisor, any virtual machine must be arranged to execute in the non-secure domain, but as a result it will be unable to access secure memory.
Accordingly, it would be desirable to provide a mechanism which allowed multiple virtual machines to be executed which could access secure memory under conditions controlled by the hypervisor software without the requirement for an additional level of privilege to be provided for the hypervisor software.